twinmind-data-handling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches user-generated meeting transcripts and summaries from the TwinMind API (see references/implementation.md and SKILL.md where GDPRHandler and other flows call client.get('/transcripts', …) and then delete or export them), so untrusted third-party content is ingested and used to drive deletions/exports and other actions, creating a clear avenue for indirect prompt-injection.